Agentic identity security by design: are access controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 7337
Topic starter  

TL;DR: Agentic AI systems can retrieve data, call APIs, use tools, and take actions autonomously, so access control must be embedded into workflows from the start, according to PlainID and Gartner research. The real security problem is not agent capability alone, but whether runtime authorization, traceability, and least privilege can keep pace with autonomous decisions.

NHIMG editorial — based on content published by PlainID: ALL NEW Agentic Identity Platform Secured by Design: Building Trustworthy Agentic AI from the Ground Up

By the numbers:

Questions worth separating out

Q: How should security teams implement runtime authorization for AI agents?

A: Security teams should enforce authorization at the moment an agent requests a tool, API, or data action, not just when the agent is created or authenticated.

Q: Why do AI agents complicate least privilege for IAM teams?

A: AI agents complicate least privilege because their access is not limited to a single role or application.

Q: How do organisations know if agentic access controls are working?

A: They know controls are working when every autonomous action can be traced back to an approved policy decision, and when the agent cannot exceed its purpose by combining separate low-risk permissions.

Practitioner guidance

  • Move authorization into the execution path: Evaluate each agent tool call, API request, and data retrieval at runtime before the action is allowed to proceed.
  • Model privilege by workflow, not by account alone: Map the full chain from prompt to tool to data source to response, then assign the minimum effective access required for that chain.
  • Log autonomous actions with audit-grade context: Capture the decision, the tool invoked, the data accessed, and the resulting action in a single trace.

What's in the full article

PlainID's full article covers the operational detail this post intentionally leaves for the source:

  • A practical breakdown of how the platform positions dynamic authorization across prompts, tools, APIs, and responses.
  • Examples of how security by design is mapped to agentic AI guardrails and runtime policy enforcement.
  • The article's own framing of least privilege, zero trust, and traceability for agent workflows.
  • The vendor's description of platform scale and deployment posture for large identity estates.

👉 Read PlainID's analysis of secured-by-design authorization for agentic AI →
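
The three practitioner guidance points above (authorization on every call, privilege modelled by workflow, one trace per run), as an added example that is not part of the original post and is not PlainID's code. The policy format, tool and resource names, and the `AgentRun` class are hypothetical, and the sample run is constructed.

```python
import time
import uuid

# Hypothetical policy, keyed by workflow rather than by agent account.
POLICY = {"invoice-triage": {
    "allow": {("crm.read", "customer_records"), ("mail.send", "internal"),
              ("mail.send", "external")},
    # (earlier, later): each call is low risk alone, denied in this sequence.
    "deny_after": [(("crm.read", "customer_records"), ("mail.send", "external"))],
}}

class AgentRun:
    """One agent workflow run: a policy decision point plus a single audit trace."""
    def __init__(self, agent_id, workflow):
        self.agent_id, self.workflow = agent_id, workflow
        self.trace_id = str(uuid.uuid4())
        self.permitted = []  # calls already allowed in this run
        self.audit = []      # one record per requested action, permitted or not

    def _decide(self, call):
        rules = POLICY.get(self.workflow)
        if rules is None or call not in rules["allow"]:
            return "deny", "not required by workflow"
        for earlier, later in rules["deny_after"]:
            if call == later and earlier in self.permitted:
                return "deny", "combination exceeds workflow purpose"
        return "permit", "allowed for workflow"

    def invoke(self, tool, resource, action):
        """Authorize at call time; run `action` only on a permit decision."""
        call = (tool, resource)
        decision, reason = self._decide(call)
        record = {"trace_id": self.trace_id, "ts": time.time(), "agent": self.agent_id,
                  "workflow": self.workflow, "tool": tool, "resource": resource,
                  "decision": decision, "reason": reason, "result": None}
        self.audit.append(record)
        if decision == "permit":
            self.permitted.append(call)
            record["result"] = action()
        return record["result"]

def demo():
    run = AgentRun("agent-7", "invoice-triage")  # constructed sample run
    run.invoke("crm.read", "customer_records", lambda: "3 rows")
    run.invoke("mail.send", "external", lambda: "sent")   # denied: follows crm.read
    run.invoke("mail.send", "internal", lambda: "sent")
    run.invoke("payments.create", "vendor_account", lambda: "paid")  # denied: not allowed
    return [(r["tool"], r["resource"], r["decision"]) for r in run.audit]
```

Every request lands in `run.audit` under the same `trace_id`, including the denied ones, so a reviewer can tie each action back to the policy decision that allowed or blocked it.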
